Loading system/stack/rfcomm/rfc_ts_frames.c +23 −1 Original line number Diff line number Diff line Loading @@ -679,6 +679,14 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) UINT8 ea, cr, mx_len; BOOLEAN is_command; if (length < 2) { RFCOMM_TRACE_ERROR("%s: Illegal MX Frame when reading EA, C/R." " len:%d < 2", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } p_rx_frame->ea = *p_data & RFCOMM_EA; p_rx_frame->cr = (*p_data & RFCOMM_CR_MASK) >> RFCOMM_SHIFT_CR; p_rx_frame->type = *p_data++ & ~(RFCOMM_CR_MASK | RFCOMM_EA_MASK); Loading @@ -701,6 +709,13 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) if (!ea) { if (length < 1) { RFCOMM_TRACE_ERROR("%s: Illegal MX Frame when EA = 0.len:%d < 1", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } mx_len += *p_data++ << RFCOMM_SHIFT_LENGTH2; length --; } Loading Loading @@ -777,7 +792,14 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) return; case RFCOMM_MX_MSC: if (length != RFCOMM_MX_MSC_LEN_WITH_BREAK && length != RFCOMM_MX_MSC_LEN_NO_BREAK) { RFCOMM_TRACE_ERROR("%s: Illegal MX MSC Frame len:%d", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } ea = *p_data & RFCOMM_EA; cr = (*p_data & RFCOMM_CR_MASK) >> RFCOMM_SHIFT_CR; p_rx_frame->dlci = *p_data++ >> RFCOMM_SHIFT_DLCI; Loading Loading
system/stack/rfcomm/rfc_ts_frames.c +23 −1 Original line number Diff line number Diff line Loading @@ -679,6 +679,14 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) UINT8 ea, cr, mx_len; BOOLEAN is_command; if (length < 2) { RFCOMM_TRACE_ERROR("%s: Illegal MX Frame when reading EA, C/R." " len:%d < 2", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } p_rx_frame->ea = *p_data & RFCOMM_EA; p_rx_frame->cr = (*p_data & RFCOMM_CR_MASK) >> RFCOMM_SHIFT_CR; p_rx_frame->type = *p_data++ & ~(RFCOMM_CR_MASK | RFCOMM_EA_MASK); Loading @@ -701,6 +709,13 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) if (!ea) { if (length < 1) { RFCOMM_TRACE_ERROR("%s: Illegal MX Frame when EA = 0.len:%d < 1", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } mx_len += *p_data++ << RFCOMM_SHIFT_LENGTH2; length --; } Loading Loading @@ -777,7 +792,14 @@ void rfc_process_mx_message (tRFC_MCB *p_mcb, BT_HDR *p_buf) return; case RFCOMM_MX_MSC: if (length != RFCOMM_MX_MSC_LEN_WITH_BREAK && length != RFCOMM_MX_MSC_LEN_NO_BREAK) { RFCOMM_TRACE_ERROR("%s: Illegal MX MSC Frame len:%d", __func__, length); android_errorWriteLog(0x534e4554, "111937065"); osi_free(p_buf); return; } ea = *p_data & RFCOMM_EA; cr = (*p_data & RFCOMM_CR_MASK) >> RFCOMM_SHIFT_CR; p_rx_frame->dlci = *p_data++ >> RFCOMM_SHIFT_DLCI; Loading
